It doesn’t just feel like data breaches are on the rise; they actually are: The UK’s Information Commissioner's Office (ICO) looked into nearly three times as many alleged cases of Data Protection Act breaches by UK financial services companies last year than it did in 2013.
ICO data obtained by Egress Software Technologies shows that 585 data protection cases in the financial services sector were reported to the ICO in 2014, compared to just 206 the year before. Egress said that included in the information is this little tidbit: ALL of the major UK banks and lenders have "reported multiple incidents to the ICO in the last two years.”
Those ICO cases were not all proved to be confirmed data breaches, it should be clarified: An ICO spokesperson told Out-Law.com that the cases were a mix of third-party complaints and self-reported incidents that were simply investigated.
"It is often not obligatory for an organization to report data security incidents to the ICO," technology law expert Angus McFadyen of Pinsent Masons, the law firm behind Out-Law.com, said. "In the past, it has mostly been public bodies that have done so. I would be careful about reading into the data that security has worsened within the financial sector. If anything, my experience suggests that, security is taken very seriously by the vast majority of the sector and that increasing governance and transparency has led to an increasing tendency to self-report—if that’s right, it means that the new data is a positive sign."
That said, others took the stats to show a growing need to take a proactive approach to monitoring communications systems, and not just email. In this age of ubiquitous mobility and unified communications, instant messages, chat and SMS messages could all equally contain sensitive information or data.
“It is a positive sign that the number of investigations from the Information Commissioner’s Office have increased,” said Phil Beckett, partner at Proven Legal Technologies, in an emailed comment to media. “However, a proactive approach is always preferable to reactive activity, and measures could have been taken to stop any data from being breached in the first place.”
By keeping a close eye on all platforms, any attempts to share sensitive data can often be spotted and prevented at an early stage through a careful combination of auditing, monitoring and security processes, he added.